pkce_not_created: The PKCE code challenge and verifier could not be generated

Ivan 6 Reputation points

I use masl[@azure/msal-browser] to achieve user login, it can be successful when I use localhost to access, , but the following error occurs when using IP or domain

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
18,686 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Thomas Carlsen (Delegate) 1 Reputation point

    Hi :) I just got the same error when using MSAL.js

    We had a web app (SPA) used as an Iframe two places but only one of the places throw back the error above - which was strange I though.

    I then tried to make the auth code flow without MSAL as a fix, but still auth didn't work!? :O

    The issue was that I was using the browser's default digest function window.crypto.subtle.digest but window.crypto.subtle was undefined.

    I later figured out that window.crypto.subtle.digest is only provided in a "secure context" (

    Even though we used https the object was undefined. So I suspect MSAL to also using window.crypto.subtle.digest (because it is a browser default feature) and is why it didn't work.

    As a fix I did the auth code flow manually but used this module for creating the digest: js-sha256